CVE-2023-40528: 
macOS vulnerability analysis and mitigation

CVE-2023-40528 is a security vulnerability affecting multiple Apple operating systems including tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17, iPadOS 17, and macOS Ventura 13.6.4. The vulnerability was discovered by Kirin (@Pwnrin) of NorthSea and was addressed in updates released by Apple. The issue allows an app to bypass Privacy preferences, potentially compromising user privacy (Apple Security).

The vulnerability exists in the Core Data component of Apple's operating systems. The issue was addressed by removing the vulnerable code that allowed unauthorized privacy preference bypasses. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, indicating local access is required and user interaction is needed (NVD).

The vulnerability allows a malicious app to bypass Privacy preferences, potentially gaining unauthorized access to sensitive user data. This could lead to privacy violations and unauthorized access to protected information (Apple Security).

Apple has addressed this vulnerability by removing the vulnerable code in the following updates: tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, and macOS Ventura 13.6.4. Users are advised to update their devices to these versions to protect against this vulnerability (Apple Security).